Saturday, October 22, 2016

Networking

Chapter 8 - Networking

The Windows Command Prompt is based off the old DOS command line, and DOS had hardly any networking commands. Back in the days of DOS, computer networking was still in its infancy, and therefore DOS had no need of networking commands. Stand-alone workstations were more common than computers joined together in local area networks. 

All that has changed. Nowadays, a computer is far more likely to be connected to some kind of network (whether a home connection or workplace LAN) than not. In fact, computers that are not connected to the Internet in some form are increasingly rare. This means that Command Prompt has numerous commands dealing with networks, networking, and IP addresses, and we’ll discuss those commands in this chapter. 

 

WHAT IS AN IP ADDRESS?

 

First, however, we should discuss IP addresses. Before we explain the Windows Command Prompt's networking commands, it’s a good idea to have a firm grasp of the basics of IP addressing. 

The letters "IP" stand for Internet Protocol, and the Internet Protocol is part of the TCP/IP (Transmission Control Protocol/Internet Protocol) suite, a group of related protocols that lay down the rules for how computers communicate over networks, both over LANs and the larger Internet. An IP address, therefore, is a (theoretically) unique address assigned to a computer. It's a bit like a street address - it lets other computers send traffic to and receive traffic from your system. An IP address consists of four groups of numbers separated by dots:

192.168.1.1

These numbers are actually the decimal form of a binary number. None of these numbers can be higher than 255. (While watching a detective TV show, it’s occasionally hilarious to see the police track a criminal using a ludicrously implausible IP address, like 689.34.385.339.)

The dominant version of the IP protocol is Version 4, commonly referred to as IPv4. Under IPv4, there are only 4.6 billion IP addresses available, and the available IP addresses ran out a few months before the time of this writing. (IPv6, which has many more available addresses, will eventually replace IPv4, but for now, IPv4 remains dominant.) There are obviously far more computers, phones, routers, switches, and other networked devices in the world than 4.6 billion, so how do all these devices receive IP addresses?

The answer is a "private IP address." Certain blocks of IP addresses have been reserved for use in private networks. These blocks, using a technology called Network Address Translation (NAT), are then "translated" to public IP addresses. This has extended the lifetime of the available IPv4 address space for decades. The ranges of the reserved private addresses are:

10.0.0.0 - 10.255.255.255

172.16.0.0 - 172.31.255.255

192.168.0.0 - 192.168.255.255

Odds are, your computer has an IP address in one of those ranges as part of a private network (even if it's just a private network generated by your wireless router). 

IP addresses also have a "subnet mask". A subnet mask defines which part of the IP address designates the network, and which part designates the individual computer. Let's say the IP address of 192.168.1.1 from above has a subnet mask like this:

255.255.255.0

That means the 192.168.1 part of the address indicates the network, while the final 1 indicates the computer. 

IP addresses usually include a “broadcast” address. Any traffic sent to the broadcast address is directed to every single computer in the local network. A broadcast address has a “255” as its final number, so a computer with a 192.168.1.1 address will have a broadcast address of 192.168.1.255. 

Lastly, IP addresses usually (but not always) come with a "default gateway". The default gateway is the address where your computer sends traffic destined for anywhere outside the local network segment. For example, say you want to visit Google with your web browser. Your computer recognizes that Google isn't on the 192.168.1.* network, and so forwards the request to the default gateway, which then sends the traffic on to Google. (This is a simplification, but adequate for our purposes.)
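To see how the subnet mask, broadcast address, private ranges, and default gateway fit together, here is an added example (not part of the original chapter) that does the arithmetic with plain integers. It goes one step beyond the text by also accepting a mask that doesn't end in .0, where the broadcast address no longer ends in 255; the function names and the gateway value used in the demo are assumptions made for illustration.

```python
def parse_ipv4(text):
    """Return the address as a 32-bit integer, or raise ValueError."""
    parts = text.split(".")
    if len(parts) != 4:
        raise ValueError("need four dot-separated groups: %r" % text)
    value = 0
    for part in parts:
        if not part.isdigit() or int(part) > 255:
            raise ValueError("each group must be 0-255: %r" % text)
        value = (value << 8) | int(part)
    return value

def to_dotted(value):
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))

# The three reserved private blocks listed above, as (first, last) pairs.
PRIVATE_BLOCKS = [
    ("10.0.0.0", "10.255.255.255"),
    ("172.16.0.0", "172.31.255.255"),
    ("192.168.0.0", "192.168.255.255"),
]

def is_private(address):
    ip = parse_ipv4(address)
    return any(parse_ipv4(lo) <= ip <= parse_ipv4(hi) for lo, hi in PRIVATE_BLOCKS)

def describe(address, mask):
    """Split an address into network and host parts using its subnet mask."""
    ip, m = parse_ipv4(address), parse_ipv4(mask)
    inverse = ~m & 0xFFFFFFFF              # the host bits
    if inverse & (inverse + 1):            # host bits must be one solid run of 1s
        raise ValueError("mask bits must be contiguous: %r" % mask)
    network = ip & m
    return {
        "network": to_dotted(network),
        "broadcast": to_dotted(network | inverse),   # all host bits set to 1
        "host_part": ip & inverse,
        "private": is_private(address),
    }

def next_hop(source, mask, destination, gateway):
    """Same network: deliver directly. Otherwise: hand off to the gateway."""
    m = parse_ipv4(mask)
    same = (parse_ipv4(source) & m) == (parse_ipv4(destination) & m)
    return destination if same else gateway

if __name__ == "__main__":
    print(describe("192.168.1.1", "255.255.255.0"))
    print(describe("10.10.8.100", "255.255.255.192"))   # constructed mask
    # 192.168.1.200 is a sample gateway value, not one given in this section.
    print(next_hop("192.168.1.1", "255.255.255.0", "74.125.225.84", "192.168.1.200"))
```

With the 255.255.255.192 mask, 10.10.8.100 sits in network 10.10.8.64 and its broadcast address is 10.10.8.127. The TV-show address 689.34.385.339 is rejected by parse_ipv4.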

 

FINDING YOUR IP ADDRESS

 

Finding your IP address from the Command Prompt is quite easy, and in fact (as we mentioned in the Introduction) quite a bit easier than doing it from the GUI. Simply go to the Command Prompt and type this command:

IPCONFIG

The IPCONFIG command stands for “IP Configuration”, and in its default state it spits out quite a bit of information about your computer’s network configuration. The most important information is found under two different headings. You can find the information for your computer’s Ethernet adapter under the heading marked “Ethernet adapter Local Area Connection.” (If you have more than one Ethernet adapter, each additional adapter will be labeled Local Area Connection 2, Local Area Connection 3, and so forth.) If your computer has a wireless network card, as most laptops do, it will have a heading marked “Wireless LAN adapter Wireless Network Connection.”

The important information will look like this:

IPv4 Address. . . . . . . . . . . : 10.10.8.100

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 10.10.8.200

Here you see listed your computer’s IP (version 4) address, your subnet mask, and your default gateway. 

There is a second command available to find your IP address. It takes longer to type, but it presents much less extraneous information than IPCONFIG. The Command Prompt includes a command called NETSH (for “net shell”) to perform network tasks from the command line, and you can use it to find your IP address:

NETSH INTERFACE IPV4 SHOW ADDRESS

The command’s output will look something like this:

Configuration for interface "Wireless Network Connection"

    DHCP enabled:                         Yes

    IP Address:                           10.10.8.100

    Subnet Prefix:                        10.10.8.0/24 (mask 255.255.255.0)

    Default Gateway:                      10.10.8.200

    Gateway Metric:                       0

    InterfaceMetric:                      25

Using either IPCONFIG or NETSH INTERFACE IPV4 SHOW ADDRESS will allow you to view your IP address from the command line.

 

FINDING THE MAC ADDRESS AND OTHER INFORMATION

 

Finding your IP address is useful, but there are other pieces of networking information that you might need. Your computer’s DNS server, for one – DNS stands for “Domain Name Service”, and a DNS server translates easy domain names, like http://www.jonathanmoeller.com, into appropriate IP addresses. You might also need to find your computer’s MAC address. MAC stands for “Media Access Control”, and every network adapter has its own unique MAC address burned into the hardware. (Theoretically, anyway – it’s relatively simple to fake a MAC address.) 

IPCONFIG in its default state does not show the MAC address. But like every other command, it includes switches. With the /ALL switch, IPCONFIG shows a great deal more information:

IPCONFIG /ALL

Here’s some of the information the command will list for each network adapter on your system:

Connection-specific DNS Suffix  . :

Description . . . . . . . . . . . :

Physical Address. . . . . . . . . :

DHCP Enabled. . . . . . . . . . . :

Autoconfiguration Enabled . . . . :

Link-local IPv6 Address . . . . . :

IPv4 Address. . . . . . . . . . . :

Subnet Mask . . . . . . . . . . . :

Lease Obtained. . . . . . . . . . :

Lease Expires . . . . . . . . . . :

Default Gateway . . . . . . . . . :

 

DHCP Server . . . . . . . . . . . :

DHCPv6 IAID . . . . . . . . . . . :

DHCPv6 Client DUID. . . . . . . . :

 

DNS Servers . . . . . . . . . . . :

 

Primary WINS Server . . . . . . . :

NetBIOS over Tcpip. . . . . . . . :

Your computer’s MAC address will be listed under the “Physical Address” item. You can also find the address of your DNS servers under the “DNS Servers” item. 

There is a quicker way to find your MAC address with the GETMAC command. Type this command, and it will list the MAC address for every single network adapter on your system:

GETMAC

However, the default output generated by the GETMAC command is not terribly useful. It lists the adapters by “transport name”, which is generally a long string of letters and numbers. It’s quite difficult to figure out which transport name corresponds to which adapter. Fortunately, using the /V switch with GETMAC produces a more informative output:

GETMAC /V

This sorts the output by the name of the connection (Local Area Connection, etc.) and therefore makes it much easier to find which MAC address goes with which adapter.
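If you save the output of IPCONFIG /ALL to a file, you can check it automatically. The following added example (not part of the original chapter) parses that output, including fields like “DNS Servers” that run over several lines, and reports any DNS or DHCP server that isn't on a list you expect. The sample output is constructed, and the function names and allowlist values are assumptions for illustration.

```python
import re

# Constructed sample of IPCONFIG /ALL output (not captured from a real host).
IPCONFIG_SAMPLE = """\
Windows IP Configuration

   Host Name . . . . . . . . . . . . : WORKSTATION1

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Physical Address. . . . . . . . . : 00-11-22-33-44-55
   DHCP Enabled. . . . . . . . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 10.10.8.100(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 10.10.8.200
   DHCP Server . . . . . . . . . . . : 10.10.8.200
   DNS Servers . . . . . . . . . . . : 10.10.8.200
                                       203.0.113.53
"""

KEY_LINE = re.compile(r"^\s+(.+?)[ .]*\. :\s?(.*)$")   # "   Key . . . : value"
STATE_SUFFIX = re.compile(r"\(\w+\)$")                 # e.g. "(Preferred)"

def parse_ipconfig_all(text):
    """Return {adapter heading: {field: [values]}} from IPCONFIG /ALL text."""
    adapters, current, last_key = {}, None, None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():                  # unindented line: a heading
            header = line.strip()
            # Adapter headings end with ":"; "Windows IP Configuration" does not.
            current = adapters.setdefault(header[:-1], {}) if header.endswith(":") else None
            last_key = None
        elif current is not None:
            match = KEY_LINE.match(line)
            if match:
                last_key, value = match.group(1), match.group(2).strip()
                current[last_key] = [STATE_SUFFIX.sub("", value)] if value else []
            elif last_key:                         # extra value for the previous field
                current[last_key].append(STATE_SUFFIX.sub("", line.strip()))
    return adapters

def unexpected_servers(adapters, allowed_dns, allowed_dhcp):
    """List (adapter, field, address) for servers outside the allowlists."""
    findings = []
    for name, fields in adapters.items():
        for field, allowed in (("DNS Servers", allowed_dns), ("DHCP Server", allowed_dhcp)):
            for address in fields.get(field, []):
                if address not in allowed:
                    findings.append((name, field, address))
    return findings

if __name__ == "__main__":
    parsed = parse_ipconfig_all(IPCONFIG_SAMPLE)
    print(parsed["Ethernet adapter Local Area Connection"]["Physical Address"])
    print(unexpected_servers(parsed, {"10.10.8.200"}, {"10.10.8.200"}))
```

In the sample, the second DNS server (203.0.113.53) is the only finding, because it is not in the expected list.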

 

RENEWING AND RELEASING IP ADDRESSES

 

There are two ways to give a computer an IP address, static and dynamic. With a static IP address, you manually assign an IP address to a computer, and it never changes. This works well enough for small networks, but on a network with hundreds or even thousands of computers, keeping track of which computer has which IP address quickly becomes overwhelming.

The second method is a technology called DHCP, which stands for Dynamic Host Configuration Protocol. With DHCP, the network administrator configures a DHCP server for the network. When a computer connects to the network, it communicates with the server and receives an IP address. With the IP address comes a “lease”, the amount of time the computer gets to keep the address. Usually, the computer renews its lease with the DHCP server halfway through the lease, before the time expires. 

DHCP is automated, and the process is supposed to be invisible to the user. Like any technical process, things sometimes do go wrong. A common problem is that the computer has an expired IP address, yet refuses to release it (this often happens when you move a computer to a different network with a different DHCP server). You can use the IPCONFIG command at the Command Prompt to force your computer to release any DHCP address. Type IPCONFIG with this switch:

IPCONFIG /RELEASE

This will release your computer’s IP addresses. 

(Note that you must be running Command Prompt as an administrator for this command to work.)

You can also use IPCONFIG to contact the network’s DHCP server for a new address. Generally, when you connect your computer to a new network, it should automatically contact the DHCP server to receive an address. But if you’ve just released the address, your computer might not re-contact the DHCP server. You can force it to renew the lease on its IP address with this command:

IPCONFIG /RENEW

If your computer doesn’t have a DHCP-assigned address, it will attempt to contact a DHCP server and get an address. If your computer already has an address, it will contact the DHCP server and renew its lease on that address. 

 

SETTING A STATIC IP ADDRESS

 

Under most circumstances, most computers do not need a static IP address (especially if there’s a DHCP server on the network). Most server systems, however, need a static IP. Server software likes stability, and is liable to malfunction every time the server receives a new DHCP IP address. For that matter, keeping a static IP makes it easier for client systems to find the target server.

You can set a static IP address using the NETSH command. For example, to set a static IP address of 192.168.1.100 on the “Local Area Connection” Ethernet adapter, with a subnet mask of 255.255.255.0 and a default gateway of 192.168.1.200, use this command:

NETSH INTERFACE IPV4 SET ADDRESS "LOCAL AREA CONNECTION" STATIC 192.168.1.100 255.255.255.0 192.168.1.200

Note that you need to run NETSH from the Command Prompt as an administrator. 

Having a static IP address will not do you much good unless you also set the address for the DNS server. Most DHCP servers supply the address of a DNS server as part of the address information, but if you use a static address, you’ll need to set it on your own. Fortunately, you can do this with NETSH. If you wanted to set a DNS server address of 192.168.1.200, you would use this command:

NETSH INTERFACE IPV4 SET DNSSERVERS "LOCAL AREA CONNECTION" STATIC 192.168.1.200

These two commands will let you first set a static IP, and then assign a DNS server address to your computer.

If you change your mind and want to use a DHCP address again, you can also set your computer to use a DHCP address from the Command Prompt. To set your computer to receive a dynamic IP address on the “Local Area Connection” adapter, use the NETSH command:

NETSH INTERFACE IPV4 SET ADDRESS NAME="LOCAL AREA CONNECTION" SOURCE=DHCP

To tell your computer to receive its DNS server address from the DHCP server, use this version of the NETSH command:

NETSH INTERFACE IPV4 SET DNSSERVERS NAME="LOCAL AREA CONNECTION" SOURCE=DHCP

This will configure your computer to receive a DNS server address from the DHCP server. 

 

DIAGNOSING NETWORK PROBLEMS

 

If you’ve ever had to repair a computer (or even used one, for that matter), you know that network and Internet connection problems are a depressingly common occurrence. And you also know that Windows’s built-in graphical tools for solving network problems are not often that useful. Fortunately, the command line’s tools are much better at getting practical information.

The first and most commonly used network-diagnostic command is the PING command. PING stands for “Packet Internet Groper”, and it relies upon the ICMP protocol, the Internet Control Message Protocol. Basically, the PING command sends a packet to a network destination, such as a server or another PC, and if the destination is active, it sends back an acknowledgement packet. For instance, if you wanted to ping the PC at the IP address of 192.168.1.2, you would use this command:

PING 192.168.1.2

If 192.168.1.2 is up, the PING command will generate an output like this:

Reply from 192.168.1.2: bytes=32 time=1ms TTL=127

Reply from 192.168.1.2: bytes=32 time=1ms TTL=127

Reply from 192.168.1.2: bytes=32 time=1ms TTL=127

Reply from 192.168.1.2: bytes=32 time=32ms TTL=127

PING also has a few command options you can use to alter its performance. The /T switch tells PING to continuously send packets until you use CTRL-C to tell it to stop:

PING /T 192.168.1.2

This is useful to continuously test a connection, since it will allow you to see if it is intermittently dropping traffic.

You can also use the /N switch to tell PING to send a certain number of packets. In this example, PING will send six packets, and then stop:

PING /N 6 192.168.1.2

Note that the PING command will not always work, even if a remote destination has an active network connection. This is because Windows 7, by default, blocks ICMP traffic, and several other operating systems do the same. However, enough devices do permit ICMP traffic to make PING a useful diagnostic tool.

 

TRACING PATHS

 

Sometimes your network connection is active, but you can’t access a particular destination. In this case, the TRACERT command becomes useful. TRACERT maps the network route from your computer to the destination, and sends every device in the path an ICMP packet. You can then see which devices in the path are not responding, and then hopefully determine a solution. For instance, to trace the path to 192.168.1.2, you would use TRACERT like this:

TRACERT 192.168.1.2

The output will look something like this, with one line for each “hop” (another device in the chain) to the destination:

1     1 ms     1 ms     1 ms  10.10.11.254

2    54 ms     1 ms     1 ms  192.168.1.2

TRACERT, by default, runs up to thirty hops, but you can use the /H switch to force a higher or lower number of hops. 

 

DNS PROBLEMS

 

DNS is a bit like the circulatory system in the human body. When it’s working right, you forget that it’s there. But when it goes bad, everything grinds to a halt. Without DNS, you can’t type addresses into the address bar of your web browser, or use any network resources that depend upon DNS.

You can use the NSLOOKUP utility to determine if your DNS server is functioning or not. NSLOOKUP runs a query against the DNS server, and if the server is active, the command produces a response. Specifically, it looks up the IP address of the domain name you used with the command. For example, this is what the command to look up the IP address of Google.com would look like:

NSLOOKUP google.com

The command would generate an output like this:

Non-authoritative answer:

Name:    google.com

Addresses:  74.125.225.84

          74.125.225.83

          74.125.225.81

          74.125.225.82

          74.125.225.80

If NSLOOKUP does not generate a response, you know that either your DNS server is having problems, or your computer cannot communicate with the DNS server due to a connection problem.

 

TRACKING NETWORK STATISTICS

 

The Command Prompt also includes a powerful utility for tracking network statistics – the NETSTAT command. Issuing the NETSTAT command without any switches at the command line displays a list of currently active network connections to your computer. NETSTAT comes with a variety of switches that improve its usefulness:

- /A lists all connections and open ports on your computer.

- /E displays the Ethernet statistics – how many bytes of data your computer has sent and received, and so forth.

- /S displays the statistics on a per-protocol basis – TCP, IP, ICMP, and others.

NETSTAT is a fairly advanced utility, but you can use it to help track down obscure network problems afflicting your computer.
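One practical use of the /A listing is to compare the open ports on a computer against the ports you expect to be open. The following added example (not part of the original chapter) parses saved NETSTAT output and reports anything outside a baseline. It assumes the output was produced with the numeric switch (-n) alongside /A, so addresses and ports appear as numbers; the sample output, function names, and baseline are constructed for illustration.

```python
# Constructed sample of NETSTAT -a -n output (not captured from a real host).
NETSTAT_SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING
  TCP    10.10.8.100:49712      74.125.225.84:443      ESTABLISHED
  TCP    [::]:135               [::]:0                 LISTENING
  UDP    0.0.0.0:5355           *:*
"""

LOOPBACK = ("127.", "[::1]")

def parse_netstat(text):
    """Yield (proto, local_address, local_port, state) for each row."""
    for line in text.splitlines():
        cols = line.split()
        if len(cols) < 3 or cols[0] not in ("TCP", "UDP"):
            continue                                  # banner, header, or blank line
        address, _, port = cols[1].rpartition(":")    # last colon, so "[::]" survives
        state = cols[3] if len(cols) > 3 else ""      # UDP rows have no State column
        yield cols[0], address, int(port), state

def open_ports(text):
    """Open ports: TCP rows in LISTENING state, plus every bound UDP port."""
    return sorted({(proto, addr, port)
                   for proto, addr, port, state in parse_netstat(text)
                   if state == "LISTENING" or proto == "UDP"})

def bound_beyond_loopback(ports):
    """Keep ports bound to a non-loopback address (other machines may reach them)."""
    return [p for p in ports if not p[1].startswith(LOOPBACK)]

def not_in_baseline(ports, baseline):
    """Return the (proto, port) pairs that the expected baseline does not list."""
    return sorted({(proto, port) for proto, _, port in ports} - set(baseline))

if __name__ == "__main__":
    exposed = bound_beyond_loopback(open_ports(NETSTAT_SAMPLE))
    # Hypothetical baseline: the ports this machine is expected to have open.
    print(not_in_baseline(exposed, {("TCP", 135), ("TCP", 445)}))
```

An address of 0.0.0.0 or [::] means the port is open on every network adapter, while 127.0.0.1 is reachable only from the computer itself.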
